Threat behavior
Trojan:Win32/Abndog.A is a trojan that downloads arbitrary files from predefined Web sites.
Installation
If this trojan is run, it may drop a randomly named file into a randomly named folder, as in the following example:
c:\0001050a\69651
Win32/Abndog.A may drop a driver named 'beep.sys' into the Windows system\drivers folder. The purpose of the driver is to help hide the dropped trojan files and to disable antivirus programs.
This trojan may drop and run a batch script named 'C:\del_exe.bat'. This script may delete Win32/Abndog.A and itself.
Payload
Downloads Files
Win32/Abndog.A may attempt to download files from predefined Web sites. The list of sites contacted may include the following:
www.vbjmd.cn
why38.cn
www.interoo.net
www.guccia.net
b2c.6e3c0f.com
The files retrieved by the trojan may be stored in the temporary Internet folder and executed.
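The installation artifacts and download hosts described above can be turned into a small triage check over file and network telemetry. The following is an added example, not part of the original analysis; the function names, the sample events, the path pattern generalised from the single example path, and the reading of "system\drivers" as System32\drivers are assumptions.

```python
import re
from urllib.parse import urlsplit

# Download hosts listed in this write-up.
ABNDOG_HOSTS = {"www.vbjmd.cn", "why38.cn", "www.interoo.net",
                "www.guccia.net", "b2c.6e3c0f.com"}
DEL_SCRIPT = r"c:\del_exe.bat"  # self-delete script named in the write-up
# Assumption: generalises the one example c:\0001050a\69651 to
# "8-hex-character folder at a drive root, all-digit file name".
DROP_PATH = re.compile(r"^[a-z]:\\[0-9a-f]{8}\\\d+$")
# Assumption: "system\drivers" means %SystemRoot%\System32\drivers. beep.sys is
# also a stock Windows driver name, so a hit means "verify the file", no more.
BEEP_DRIVER = re.compile(r"\\system32\\drivers\\beep\.sys$")

def match_host(value):
    """Return the listed host that a URL or hostname falls under, else None."""
    value = value.strip()
    host = urlsplit(value if "//" in value else "//" + value).hostname or ""
    host = host.rstrip(".").lower()
    for listed in ABNDOG_HOSTS:
        # Exact or subdomain match only; "notwhy38.cn" must not match "why38.cn".
        if host == listed or host.endswith("." + listed):
            return listed
    return None

def classify_path(path):
    """Label a file path that matches an artifact from the write-up, else None."""
    p = path.strip().lower()
    if p == DEL_SCRIPT:
        return "self-delete script"
    if DROP_PATH.match(p):
        return "possible dropped file"
    if BEEP_DRIVER.search(p):
        return "beep.sys driver, verify"
    return None

def triage(events):
    """events: (kind, value) pairs with kind 'net' or 'file'; returns the hits."""
    hits = []
    for kind, value in events:
        label = match_host(value) if kind == "net" else classify_path(value)
        if label:
            hits.append((kind, value, label))
    return hits

# Constructed sample telemetry (not from a real host).
SAMPLE = [("net", "http://WWW.VBJMD.CN/a.exe"), ("net", "notwhy38.cn"),
          ("net", "cdn.why38.cn."), ("file", r"C:\0001050A\69651"),
          ("file", r"C:\del_exe.bat"), ("file", r"C:\Users\a\report.docx"),
          ("file", r"C:\Windows\System32\drivers\beep.sys")]
```

Calling `triage(SAMPLE)` returns the five matching events; the beep.sys hit only flags the file for a signature or hash check, since a driver of that name is expected on a clean system.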
Analysis by Neno Lakinski
Prevention